3fcd5ed96f1889eb9e8767b9cc9500425b4577358b65e84ee69108a63fb344e6

Sharing

Copy URL

Twitter E-mail

General

Target

3fcd5ed96f1889eb9e8767b9cc9500425b4577358b65e84ee69108a63fb344e6
Size

14KB
MD5

815965e3b5bb7f847ec99ae1438be1e0
SHA1

ff599d6187bfc177994388487475feb1caf71bd3
SHA256

3fcd5ed96f1889eb9e8767b9cc9500425b4577358b65e84ee69108a63fb344e6
SHA512

ceb4975abc44f5ce477834a18e47741a6ada6dcd8ab989f56824c8724e324c004950e2d8ddd7247e48a45c6f35bd7473db893b29094962015794712f569a7f47
SSDEEP

384:/Q+ZX+zdJSrgi0ChMyE23px1VMWx9eIry/qLLWcgC:4xxJSMIhMyF31VMMIIWsicg

Score

N/A

Malware Config

Signatures

Files

3fcd5ed96f1889eb9e8767b9cc9500425b4577358b65e84ee69108a63fb344e6
.exe windows x86

c0c3813f175dde38e9fea3b3db85f56f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwSetInformationFile
ZwQueryInformationFile
ZwCreateFile
ZwWriteFile
ZwDeleteFile
PsTerminateSystemThread
KeCancelTimer
KeWaitForSingleObject
KeSetTimerEx
KeInitializeTimerEx
ExFreePoolWithTag
swprintf
PsCreateSystemThread
ZwQuerySystemInformation
ExAllocatePoolWithTag
_stricmp
strncpy
strchr
ZwReadFile
KeSetPriorityThread
KeGetCurrentThread
NtQueryDirectoryFile
NtQuerySystemInformation
NtOpenFile
NtCreateFile
ProbeForRead
IoGetCurrentProcess
_wcsicmp
RtlInitUnicodeString
wcsrchr
wcsstr
ZwOpenFile
wcslen
RtlCompareUnicodeString
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
ZwOpenKey
wcscat
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strncmp
IoAttachDeviceToDeviceStack
IoCreateDevice
IoGetDeviceObjectPointer
IoDeleteDevice
IoDetachDevice
IofCallDriver
IofCompleteRequest
ExReleaseFastMutexUnsafe
IoCreateSymbolicLink
ExAcquireFastMutexUnsafe
IoDeleteSymbolicLink
KeInitializeEvent
_except_handler3
RtlQueryRegistryValues
RtlWriteRegistryValue
DbgPrint
ZwClose

hal

KfLowerIrql
KfAcquireSpinLock
KfRaiseIrql

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 896B - Virtual size: 785B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 896B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0c3813f175dde38e9fea3b3db85f56f

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 640B - Virtual size: 620B

.data Size: 640B - Virtual size: 520B

PAGE Size: 896B - Virtual size: 785B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 896B - Virtual size: 804B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 640B - Virtual size: 620B

.data
Size: 640B - Virtual size: 520B

PAGE
Size: 896B - Virtual size: 785B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 896B - Virtual size: 804B